5 Password Policy Guidelines for Small to Mid-Size Businesses
Microsoft research shows that 90% of all compromised passwords come from a data breach.
You read that right - 90%!
Criminals use tools that can guess thousands of passwords a minute. Their goal is to wreak havoc on your network and steal your trade secrets. But not all these criminals are hacking masterminds. These attacks can also be the result of a coworker or family member snooping around.
Passwords, believe it or not, are a major problem in the small to mid-size business (SMB) market. It's not uncommon for SMBs to have unenforced or weak password protocols. This HUGE oversight is why hackers are more focused on the SMB market than ever. Strong passwords are a simple but powerful security measure.
I've been working for Accent Computer Solutions Inc. for five-plus years, and as the Support Desk Supervisor, I've helped hundreds of people reset their passwords. We have strict guidelines and protocols in place to ensure the integrity of our clients' passwords and security.
Luckily, there are ways for you to protect yourself and your company using companywide standards too.
Let's take a look at the strong password protocols that should be standard practice at your business.
5 Best Practices for Password Protocol
Don't worry, though; all is not lost. The good news is that even if a password is compromised, you can create additional barriers that will make it nearly impossible to gain access to secure information. But before we get ahead of ourselves, let’s start from the top:
1. Standard Secure Password Lengths and Combinations
- Use at least an 8-character password, but remember, longer is not necessarily better. Complexity is the key.
- Ensure your password uses both upper and lower-case letters, numbers and special characters. Phrases with punctuation marks are also a good route.
Example Phrase Password: This pr0tocoL could 5ave my COMP@NY!!
What to Avoid in a Password
- Don’t use common words like “balloons” or “baseball.” Words from the dictionary make guessing much easier.
- Avoid creative spellings of the word “password” at all costs. Also, avoid commonly used phrases.
Examples: “PA$$w()rd” or “thisismypassword”
2. Don't Use Anything Related to Your Personal Life, Job, or Likeness
- Never use your name, phone number, or email address.
- Don’t use things that people who know you could guess: your birthday, a pet's or child's name, phrases you say a lot, or your musical preferences.
3. Never Repeat a Password or Variation of an Old Password
- Never repeat a password even months apart. There is always a chance that that old password is on a list somewhere and a hacker is waiting for you to reuse it.
- Never repeat the same password on different sites.
For example, let's say your company policy is a new password every 90 days. Don’t use the same password for your email as you do for your software login. Criminals will try their luck with that same password on all your accounts.
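The rules in sections 1 through 3 can be checked automatically when a user picks a new password. The Python sketch below is an added example, not code from the original article or from Accent Computer Solutions; the sample word list, the function names, and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample deny-list built from the words this article warns about;
# a real deployment would load a much larger dictionary.
COMMON_WORDS = {"password", "balloons", "baseball"}

# Undo common character swaps so "PA$$w()rd" is compared as "password".
SWAPS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(text):
    """Lower-case, reverse look-alike substitutions, keep letters only."""
    text = text.lower().replace("()", "o").translate(SWAPS)
    return re.sub(r"[^a-z]", "", text)

def check_password(candidate, personal=(), previous=(), similarity=0.8):
    """Return the list of guideline violations (an empty list means it passes).

    personal: strings tied to the user (name, pet, birth year, ...).
    previous: old passwords available in plaintext at change time only, such
              as the current password the user just typed (assumption).
    similarity: hypothetical cut-off for "variation of an old password".
    """
    problems = []
    plain = normalize(candidate)
    if len(candidate) < 8:
        problems.append("too-short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, candidate) for c in classes):
        problems.append("missing-character-class")
    if any(word in plain for word in COMMON_WORDS):
        problems.append("common-word")
    for item in personal:
        norm = normalize(item)
        # Raw match catches digits (a birth year); normalized match catches "R3x".
        if item and (item.lower() in candidate.lower()
                     or (len(norm) >= 3 and norm in plain)):
            problems.append("personal-info")
            break
    for old in previous:
        if SequenceMatcher(None, old.lower(), candidate.lower()).ratio() >= similarity:
            problems.append("reused-or-variation")
            break
    return problems
```

The check only flags problems; it does not replace the multi-factor step described next, and the similarity test works only where the old password is available in plaintext at the moment of the change.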
4. Multi-Factor Authentication
Many websites offer a function to send you a text or email after your password is entered correctly. This is called multi-factor authentication. This message contains a unique security code that must be entered to gain access after your password is accepted.
If your password is compromised, the criminal, in theory, would be stopped. He or she won’t have access to the secondary temporary passcode and would be blocked from access. That is, unless you use the same password for your email, in which case they might have already intercepted the temporary password.
5. Log Out of Portals and Keep Your Computer Locked
- Log out and lock your computer before you leave it unsupervised. As mentioned before, unfortunately, sometimes co-workers or even family members can be in cahoots with hackers.
- This is also true for portals and web browsers. If you don't need it open anymore, or won't be using it for some time, log out and then close the window. Always, always log out first; don't just shut the program or window.
So, there you have it. How many protocol steps do you already follow? How many are new to you? While some of these steps might seem daunting or unnecessary, they are crucial. They keep not only you but also your business safe from unnecessary downtime due to compromised passwords.
Have more questions? We're happy to chat anytime. Give us a call at 800-481-4369.
The IT Help Desk
The IT Help Desk was created with you in mind.
This monthly series will give you the inside track with tips and tricks sourced directly from our Help Desk to better serve you.